How will UD prevent future attacks?

Click a question to reveal its answer.

Where can I get updated information?

UD will post updates to this Web site.

What steps did the University take once it found out about the
attack?

UD took immediate corrective action to contain the incident.
Although we cannot discuss the technical details of our systems
and network security, we can tell you that the University has
worked with the FBI and has engaged a leading data security
firm to assist with the forensic investigation.

What is being done to ensure this does not happen again?

The University of Delaware treats information security with the
utmost seriousness and continually updates its defenses against
cyberattacks.

The University has been aligned with the best practices in the
IT industry; unfortunately, there is no way that any organization
can guarantee that a cyberattack will never occur. However, we
are already making changes to our network in consultation with
the FBI, our data security consultant, and other universities
whose systems have been breached in the past.

How will UD manage my private information in the future?

Our information security policies and practices are in line with
both IT industry and higher education IT best practices. UD
follows HIPAA, FERPA and all other federal and state laws
designed to protect your private information. UD will continue
to exercise caution and continually improve safeguards for
protecting your personal information.

Why does UD need to have my Social Security number at all?

The Higher Education Act of 1965 allows colleges and
universities to use Social Security numbers (SSNs) for
institutional transactions. It is routine for colleges and
universities to store this information electronically. According
to the U.S. Social Security Administration, it is a best
practice in higher education for an institution to assign
another primary identifier for most university transactions
while the SSN remains in the university database as a secondary
identifier. That is what we do at UD. For employees, a
“University of Delaware Identification
Number” (UD ID) is assigned when an employee is hired
and appears on most university forms as that
employee’s identifier. The same process of assigning
unique UD ID identification numbers is used for students.
Your UD ID cannot be used by itself to access
your private information. SSNs do not appear on UD-issued
identification cards, procurement cards, or any UD public
posting.

UD collects and uses SSNs only as necessary for the performance
of the University’s duties and responsibilities and
as required by law. The University uses the SSN as a unique
identifier for many business and financial purposes:

to
process payroll and other human resource information, including
health and retirement benefits registration and processing, tax
reporting, unemployment and workers compensation,

for
payments to vendors and independent contractors,

as part of
the process of making financial aid awards, including grants,
loans, work-study awards, and other forms of financial aid,

for student account collections,

as part of admissions and
enrollment processes, and

to facilitate planned giving
reporting.

UD is dedicated to ensuring the privacy and proper handling of
SSNs of its students, employees, and individuals associated with
the University.

Will the University change the way they store Social Security
numbers as a result of this incident?

We continually assess and improve our information security
policies and procedures to ensure we are in line with both IT
industry and higher education IT best practices. Further, we are
evaluating our systems and processes in consultation with the
FBI, our data security consultant, and other universities whose
systems have been breached in the recent past. UD complies with
HIPAA, FERPA and all other federal and state laws designed to
protect your private information. UD will continue to exercise
caution and continually improve safeguards for protecting your
personal information.